Step 3: Determine Primary Barriers

Once the core team has analyzed the legal and market landscape, it should determine the most critical barriers to address to advance exchange of health information in the state. States can consider ranking barriers according to priority levels, with those that are essential to progress as the highest priority.

Categorizing barriers may be a particularly helpful exercise as states work to map potential strategies to existing barriers. For instance, a state may discover that a particular strategy that addresses a high-priority barrier may work to solve a lower priority barrier, as well.

Table 1 lists the primary legal and market-based barriers identified by the NGA Center based on interviews with state and national experts as well as literature review.

Federal and state privacy laws pertaining to health information that are more protective or restrictive than HIPAA can significantly limit information flow between providers by either fully prohibiting exchange for certain categories of information or adding burdensome requirements that make exchange more difficult. More protective laws prohibit or restrict disclosure of specific categories of health information deemed sensitive—such as substance abuse, mental health or communicable disease information—without explicit patient consent.

The FFS payment model incentivizes providers to deliver high volumes of individual services as opposed to the most efficient and effective care. Under the FFS model, many experts posit that providers almost always lack strong financial incentives to share information to achieve efficiencies, such as reducing unnecessary services and better coordinating care.20 Without strong incentives, providers are unlikely to share data, particularly when doing so requires significant investment in systems and services, as well as workflow integration.

Perceived Restrictions to Information Exchange

Lack of Uniform Data Standards

The intent of federal and state privacy laws is often confusing to providers. Hospital systems and provider groups are responsible for setting their own privacy policies, which can vary based on their interpretation of the law. These entities may apply a more restrictive interpretation of the law in setting their privacy policies because they are confused about the true intent of the law or are intentionally seeking to avoid legal risks associated with improperly sharing patient information. Restrictive interpretation adds unnecessary burden to information sharing between providers and limits information flow.

Data standards for exchange of health information do exist, but there are no uniform national standards to which all health systems and providers adhere. The lack of national data standards allows IT vendors to develop systems and solutions according to their own design interests, which creates significant variability across systems and service platforms. Vendors are then able to charge additional fees to enable connections between systems.

Burdensome Consent Requirements

Information Blocking

The requirement to obtain and document patient consent can be difficult for providers, who may not feel comfortable explaining consent to patients and may not have sufficient time to ensure that information is being shared in accordance with the law. In some cases, providers will decide not to exchange health information rather than engage in a burdensome consent process.

In the current market environment, IT vendors and providers can benefit from limiting access to data as opposed to facilitating or participating in exchange of health information. By limiting access to data, vendors and providers can retain proprietary control over the data, which they can then use to extend lines of business or prevent patients from leaving their provider network. In some instances, efforts to limit access to data may be reasonable responses to existing economic incentives or legitimate controls to protect patient privacy or safety. In other instances, however, efforts to limit access to data are unreasonably and knowingly executed to block exchange of health information.

Variability Across States

Varying state laws add a level of complexity for exchange of health information across state lines. In situations where provider and hospital systems operate in multiple states that have conflicting privacy laws, they may adopt policies that adhere to the more protective laws to minimize risk and avoid administrative and technical complexity. Adhering to the most restrictive laws across multiple states results in a situation where optimal information flow does not occur.